
Log analysis and evaluation: Win8, sends spam emails, Malwarebytes finds various PUP+adware


 
06.09.2015, 22:20   #3
anather
 



Sorry, I didn't have the password and couldn't continue working after the restart.

In the logs I trimmed empty sections (those without findings), and the M$ is mine too. But I didn't manage to get under the 120k-character limit. So it's 2 posts after all.

FRST.txt


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-09-2015 01
Ran by B (administrator) on A (06-09-2015 22:42:50)
Running from C:\Users\B\Downloads
Loaded Profiles: B &  (Available Profiles: B & Administrator)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(M$) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(M$) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(M$) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(M$) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(M$) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Novell\Client\nwtray.exe
(Dropbox, Inc.) C:\Users\B\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(M$) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(M$) C:\Windows\System32\wsqmcons.exe
(M$) C:\Windows\System32\CompatTelRunner.exe
(M$) C:\Windows\WinStore\WSHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(M$) C:\Program Files\Internet Explorer\ielowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(M$) C:\Windows\Temp\5BD42BF5-4B5D-4DD4-9F97-250A1AE4BE16\DismHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\\Run: [NWTRAY] => C:\Program Files\Novell\Client\nwtray.exe [40632 2013-09-29] ()
HKLM-x32\\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-02-19] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2739015723-2927197382-1160632269-1001\\Run: [Dropbox Update] => C:\Users\B\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
HKU\S-1-5-21-2739015723-2927197382-1160632269-1001\\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-2739015723-2927197382-1160632269-500-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (M$)
Lsa: [Authentication Packages] msv1_0 ncv1_0
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\B\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\B\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\B\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\B\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\B\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\B\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\B\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\Users\B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-08-05]
ShortcutTarget: Dropbox.lnk -> C:\Users\B\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F777ADDD-2478-438E-85C8-BF3C873A22A6}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2739015723-2927197382-1160632269-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
HKU\S-1-5-21-2739015723-2927197382-1160632269-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKLM -> DefaultScope {216F2AAB-AC60-4908-BAF9-3DA6499FC0FE} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {216F2AAB-AC60-4908-BAF9-3DA6499FC0FE} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2739015723-2927197382-1160632269-1001 -> DefaultScope {216F2AAB-AC60-4908-BAF9-3DA6499FC0FE} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2739015723-2927197382-1160632269-1001 -> {216F2AAB-AC60-4908-BAF9-3DA6499FC0FE} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (M$)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-22] (M$)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (M$)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (M$)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (M$)

FireFox:
========
FF ProfilePath: C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\ds5n16am.default
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\B\AppData\Roaming\Mozilla\Firefox\Profiles\ds5n16am.default\user.js [2014-02-16]

Chrome: 
=======
CHR Plugin: (Store) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\resources\web_store No File
CHR Plugin: (Google Docs) - aohghmighlieiainnegkcijnfilokake\0.9_0 No File
CHR Plugin: (Google Drive) - apdfllckaahabafndbhieahigkjlhalf\14.0_0 No File
CHR Plugin: (YouTube) - blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0 No File
CHR Plugin: (Google-Suche) - coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0 No File
CHR Plugin: (Foxtab Speed Dial) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\resources\chrome_app No File
CHR Plugin: (Chrome PDF Viewer) - pjkljhegncpnkpknbcohdijeoejaedia\8.1_0 No File
CHR Profile: C:\Users\B\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-30]
CHR Extension: (Google Drive) - C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-30]
CHR Extension: (YouTube) - C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-30]
CHR Extension: (Google Search) - C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-30]
CHR Extension: (Google Docs Offline) - C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (AdBlock) - C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-30]
CHR Extension: (Citavi Picker) - C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\piehhloihgjjiomhieeddiidpekaajio [2014-01-30]
CHR Extension: (Gmail) - C:\Users\B\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-30]
CHR HKLM\\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\B\AppData\Local\foxtab_speeddial.crx [2014-01-30]
CHR HKU\S-1-5-21-2739015723-2927197382-1160632269-1001\SOFTWARE\Google\Chrome\Extensions\\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\B\AppData\Local\foxtab_speeddial.crx [2014-01-30]
CHR HKLM-x32\\Chrome\Extension: [dchmpbaclbiioedakpcldenooikekokm] - C:\Users\B\AppData\Local\foxtab_speeddial.crx [2014-01-30]
CHR HKLM-x32\\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx [2014-01-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-08-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-08-26] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (M$)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (M$)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (M$)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (M$)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [21176 2013-09-29] (Novell, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-08-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-08-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [113336 2013-09-29] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [116408 2013-09-29] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [91320 2013-09-29] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [121016 2013-09-29] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [27320 2013-09-29] ()
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [32952 2013-09-29] (Novell, Inc.)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-29] (Windows (R) Win 7 DDK provider)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (M$)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (M$)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (M$)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [82616 2013-09-29] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [81080 2013-09-29] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [50360 2013-09-29] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [20664 2013-09-29] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [84664 2013-09-29] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [40120 2013-09-29] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [57016 2013-09-29] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [39096 2013-09-29] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [26296 2013-09-29] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [37048 2013-09-29] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [60600 2013-09-29] (Novell, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 22:42 - 2015-09-06 22:42 - 00019289 _____ C:\Users\B\Downloads\FRST.txt
2015-09-06 22:41 - 2015-09-06 22:42 - 00000000 ____D C:\FRST
2015-09-06 22:41 - 2015-09-06 22:41 - 00000000 ____D C:\Users\B\Downloads\FRST-OlderVersion
2015-09-04 20:19 - 2015-09-06 22:41 - 02190336 _____ (Farbar) C:\Users\B\Downloads\FRST64.exe
2015-09-04 19:35 - 2015-09-06 22:36 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-04 19:35 - 2015-09-04 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-09-04 19:35 - 2015-09-04 19:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-04 19:35 - 2015-09-04 19:35 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-09-04 19:35 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-04 19:35 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-04 19:35 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-04 19:33 - 2015-09-04 19:34 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\B\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-04 16:05 - 2015-09-04 16:06 - 00000000 ____D C:\Users\B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-04 13:27 - 2015-09-04 13:27 - 00004937 _____ C:\Users\B\Downloads\export.csv
2015-08-29 20:41 - 2015-08-29 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-26 23:34 - 2015-08-26 23:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2015-08-26 18:32 - 2015-08-26 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-08-19 13:51 - 2015-08-11 03:20 - 25191936 _____ (M$) C:\WINDOWS\system32\mshtml.dll
2015-08-19 13:51 - 2015-08-11 02:20 - 19871232 _____ (M$) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-13 14:10 - 2015-08-13 14:12 - 102777624 _____ (...) C:\Users\B\Downloads\ElsterFormular-16.2.24.20150630k.exe
2015-08-13 01:13 - 2015-07-30 16:04 - 00124624 _____ (M$) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 01:13 - 2015-07-30 15:48 - 00103120 _____ (M$) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 00:17 - 2015-07-19 03:58 - 00136904 _____ (M$) C:\WINDOWS\system32\wuauclt.exe
2015-08-13 00:17 - 2015-07-18 20:51 - 03704320 _____ (M$) C:\WINDOWS\system32\wuaueng.dll
2015-08-13 00:17 - 2015-07-18 20:31 - 00140288 _____ (M$) C:\WINDOWS\system32\wuwebv.dll
2015-08-13 00:17 - 2015-07-18 20:31 - 00095744 _____ (M$) C:\WINDOWS\system32\wudriver.dll
2015-08-13 00:17 - 2015-07-18 20:31 - 00035840 _____ (M$) C:\WINDOWS\system32\wuapp.exe
2015-08-13 00:17 - 2015-07-18 20:29 - 00409088 _____ (M$) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-13 00:17 - 2015-07-18 20:29 - 00124928 _____ (M$) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-13 00:17 - 2015-07-18 20:29 - 00029696 _____ (M$) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-13 00:17 - 2015-07-18 20:28 - 00081920 _____ (M$) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-13 00:17 - 2015-07-18 20:12 - 02228736 _____ (M$) C:\WINDOWS\system32\wucltux.dll
2015-08-13 00:17 - 2015-07-18 20:10 - 00891904 _____ (M$) C:\WINDOWS\system32\wuapi.dll
2015-08-13 00:17 - 2015-07-18 20:09 - 00721920 _____ (M$) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-13 00:17 - 2015-07-16 02:29 - 07458648 _____ (M$) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-13 00:17 - 2015-07-16 02:29 - 01735000 _____ (M$) C:\WINDOWS\system32\ntdll.dll
2015-08-13 00:17 - 2015-07-16 02:29 - 00101720 _____ (M$) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-13 00:17 - 2015-07-16 02:28 - 01499920 _____ (M$) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-13 00:17 - 2015-07-10 19:54 - 01217024 _____ (M$) C:\WINDOWS\system32\sysmain.dll
2015-08-13 00:16 - 2015-06-09 20:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-13 00:15 - 2015-07-16 22:36 - 00584192 _____ (M$) C:\WINDOWS\system32\vbscript.dll
2015-08-13 00:15 - 2015-07-16 22:36 - 00417792 _____ (M$) C:\WINDOWS\system32\html.iec
2015-08-13 00:15 - 2015-07-16 22:35 - 02885632 _____ (M$) C:\WINDOWS\system32\iertutil.dll
2015-08-13 00:15 - 2015-07-16 22:26 - 05923328 _____ (M$) C:\WINDOWS\system32\jscript9.dll
2015-08-13 00:15 - 2015-07-16 22:23 - 00615936 _____ (M$) C:\WINDOWS\system32\ieui.dll
2015-08-13 00:15 - 2015-07-16 22:21 - 00816640 _____ (M$) C:\WINDOWS\system32\jscript.dll
2015-08-13 00:15 - 2015-07-16 21:53 - 00145408 _____ (M$) C:\WINDOWS\system32\iepeers.dll
2015-08-13 00:15 - 2015-07-16 21:51 - 00504320 _____ (M$) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-13 00:15 - 2015-07-16 21:50 - 00341504 _____ (M$) C:\WINDOWS\SysWOW64\html.iec
2015-08-13 00:15 - 2015-07-16 21:45 - 02279424 _____ (M$) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-13 00:15 - 2015-07-16 21:45 - 01032704 _____ (M$) C:\WINDOWS\system32\inetcomm.dll
2015-08-13 00:15 - 2015-07-16 21:41 - 00479232 _____ (M$) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-13 00:15 - 2015-07-16 21:39 - 00664064 _____ (M$) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-13 00:15 - 2015-07-16 21:38 - 00262144 _____ (M$) C:\WINDOWS\system32\webcheck.dll
2015-08-13 00:15 - 2015-07-16 21:36 - 00801280 _____ (M$) C:\WINDOWS\system32\msfeeds.dll
2015-08-13 00:15 - 2015-07-16 21:34 - 14451200 _____ (M$) C:\WINDOWS\system32\ieframe.dll
2015-08-13 00:15 - 2015-07-16 21:32 - 02125824 _____ (M$) C:\WINDOWS\system32\inetcpl.cpl
2015-08-13 00:15 - 2015-07-16 21:14 - 02880000 _____ (M$) C:\WINDOWS\system32\actxprxy.dll
2015-08-13 00:15 - 2015-07-16 21:13 - 00880128 _____ (M$) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-13 00:15 - 2015-07-16 21:12 - 04520448 _____ (M$) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-13 00:15 - 2015-07-16 21:12 - 02427904 _____ (M$) C:\WINDOWS\system32\wininet.dll
2015-08-13 00:15 - 2015-07-16 21:10 - 12856832 _____ (M$) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-13 00:15 - 2015-07-16 21:06 - 00689152 _____ (M$) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-13 00:15 - 2015-07-16 21:01 - 01545728 _____ (M$) C:\WINDOWS\system32\urlmon.dll
2015-08-13 00:15 - 2015-07-16 20:52 - 01048576 _____ (M$) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-13 00:15 - 2015-07-16 20:49 - 00800768 _____ (M$) C:\WINDOWS\system32\ieapfltr.dll
2015-08-13 00:15 - 2015-07-16 20:42 - 01951232 _____ (M$) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-13 00:15 - 2015-07-16 20:38 - 01310720 _____ (M$) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-13 00:15 - 2015-07-16 20:37 - 00710144 _____ (M$) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-13 00:13 - 2015-07-29 01:24 - 00025776 _____ (M$) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-13 00:13 - 2015-07-28 16:24 - 01148416 _____ (M$) C:\WINDOWS\system32\aeinv.dll
2015-08-13 00:13 - 2015-07-28 16:24 - 01116160 _____ (M$) C:\WINDOWS\system32\appraiser.dll
2015-08-13 00:13 - 2015-07-28 16:24 - 00774144 _____ (M$) C:\WINDOWS\system32\invagent.dll
2015-08-13 00:13 - 2015-07-28 16:24 - 00743424 _____ (M$) C:\WINDOWS\system32\generaltel.dll
2015-08-13 00:13 - 2015-07-28 16:24 - 00437248 _____ (M$) C:\WINDOWS\system32\devinv.dll
2015-08-13 00:13 - 2015-07-28 16:24 - 00069120 _____ (M$) C:\WINDOWS\system32\acmigration.dll
2015-08-13 00:13 - 2015-07-07 11:40 - 00270168 _____ (M$) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-13 00:13 - 2015-07-07 11:40 - 00114520 _____ (M$) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-13 00:13 - 2015-07-07 11:40 - 00044560 _____ (M$) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-13 00:13 - 2015-07-02 00:19 - 00228864 _____ (M$) C:\WINDOWS\system32\WebClnt.dll
2015-08-13 00:13 - 2015-07-02 00:16 - 00104448 _____ (M$) C:\WINDOWS\system32\davclnt.dll
2015-08-13 00:13 - 2015-07-01 23:37 - 00198656 _____ (M$) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-13 00:13 - 2015-07-01 23:35 - 00087040 _____ (M$) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-13 00:13 - 2015-06-12 19:03 - 18823680 _____ (M$) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-13 00:13 - 2015-06-12 18:36 - 15159296 _____ (M$) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-13 00:12 - 2015-07-29 16:37 - 01994752 _____ (M$) C:\WINDOWS\system32\DWrite.dll
2015-08-13 00:12 - 2015-07-29 16:30 - 01381888 _____ (M$) C:\WINDOWS\system32\FntCache.dll
2015-08-13 00:12 - 2015-07-29 16:23 - 01559552 _____ (M$) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-13 00:12 - 2015-07-24 20:57 - 04177408 _____ (M$) C:\WINDOWS\system32\win32k.sys
2015-08-13 00:12 - 2015-07-24 20:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-13 00:12 - 2015-07-24 20:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-13 00:12 - 2015-07-24 19:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-13 00:12 - 2015-07-24 19:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-13 00:12 - 2015-07-14 23:59 - 01113944 _____ (M$) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-13 00:12 - 2015-07-14 23:59 - 00487256 _____ (M$) C:\WINDOWS\system32\netcfgx.dll
2015-08-13 00:12 - 2015-07-14 23:59 - 00393560 _____ (M$) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-13 00:12 - 2015-07-14 05:22 - 02529880 _____ (M$) C:\WINDOWS\system32\msxml6.dll
2015-08-13 00:12 - 2015-07-14 05:21 - 01901776 _____ (M$) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-13 00:12 - 2015-07-13 21:46 - 00059392 _____ (M$) C:\WINDOWS\system32\csrsrv.dll
2015-08-13 00:12 - 2015-07-13 21:45 - 00059392 _____ (M$) C:\WINDOWS\system32\basesrv.dll
2015-08-13 00:12 - 2015-07-10 20:19 - 01101824 _____ (M$) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-13 00:12 - 2015-07-10 19:42 - 02345472 _____ (M$) C:\WINDOWS\system32\msxml3.dll
2015-08-13 00:12 - 2015-07-10 19:14 - 00856064 _____ (M$) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-13 00:12 - 2015-07-10 19:13 - 07032320 _____ (M$) C:\WINDOWS\system32\mstscax.dll
2015-08-13 00:12 - 2015-07-10 18:47 - 01556992 _____ (M$) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-13 00:12 - 2015-07-10 18:31 - 06213120 _____ (M$) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-13 00:12 - 2015-07-09 19:13 - 00221184 _____ (M$) C:\WINDOWS\system32\notepad.exe
2015-08-13 00:12 - 2015-07-09 19:13 - 00221184 _____ (M$) C:\WINDOWS\notepad.exe
2015-08-13 00:12 - 2015-07-09 18:30 - 00212992 _____ (M$) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-13 00:12 - 2015-06-11 22:12 - 02476376 _____ (M$) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-13 00:12 - 2015-06-11 22:12 - 00428888 _____ (M$) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-13 00:12 - 2015-05-12 02:24 - 00536920 _____ (M$) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 22:42 - 2014-08-05 09:56 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BE5E01ED-998F-4E35-B8B9-6B1C7CA86A70}
2015-09-06 22:41 - 2014-07-17 21:22 - 01562125 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-06 22:41 - 2014-01-30 00:28 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2739015723-2927197382-1160632269-1001
2015-09-06 22:40 - 2013-06-30 23:42 - 00000000 ___RD C:\Users\B\Dropbox
2015-09-06 22:38 - 2014-10-04 18:06 - 00000000 ____D C:\Users\B\AppData\Roaming\Skype
2015-09-06 22:38 - 2014-02-02 12:47 - 00000000 ____D C:\Users\B\AppData\Roaming\Dropbox
2015-09-06 22:37 - 2014-01-30 00:37 - 00000310 _____ C:\WINDOWS\Tasks\FoxTab.job
2015-09-06 22:35 - 2014-01-30 00:28 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-06 22:35 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-06 22:35 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-04 20:28 - 2013-08-22 16:46 - 00394571 _____ C:\WINDOWS\setupact.log
2015-09-04 20:28 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-04 20:27 - 2014-03-18 10:16 - 00237338 _____ C:\WINDOWS\PFRO.log
2015-09-04 20:26 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2015-09-04 20:25 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-04 20:20 - 2015-01-10 19:18 - 00000000 ____D C:\ProgramData\APN
2015-09-04 20:20 - 2014-01-30 00:37 - 00000000 ____D C:\Users\B\AppData\Roaming\FoxTab
2015-09-04 20:20 - 2014-01-30 00:37 - 00000000 ____D C:\Program Files (x86)\Foxtab
2015-09-04 20:07 - 2015-06-20 10:56 - 00001246 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2739015723-2927197382-1160632269-1001UA.job
2015-09-04 19:46 - 2014-01-30 00:28 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-04 19:06 - 2014-01-30 13:06 - 00000300 _____ C:\WINDOWS\Tasks\DLL-Files FixerASKUSER.job
2015-09-04 12:07 - 2015-06-20 10:56 - 00001194 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2739015723-2927197382-1160632269-1001Core.job
2015-09-03 22:34 - 2015-04-18 13:43 - 00003112 _____ C:\WINDOWS\System32\Tasks\RDReminder
2015-08-29 20:42 - 2014-10-04 18:05 - 00000000 ____D C:\ProgramData\Skype
2015-08-29 20:41 - 2014-10-04 18:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-29 20:41 - 2014-01-30 00:28 - 00003888 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 20:41 - 2014-01-30 00:28 - 00003652 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-26 23:32 - 2015-06-01 23:03 - 00000000 ____D C:\Users\B\AppData\Roaming\vlc
2015-08-24 12:50 - 2014-03-18 17:26 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-19 17:08 - 2014-01-30 13:04 - 00000292 _____ C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2015-08-19 13:51 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-17 19:20 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-17 18:10 - 2013-08-22 16:44 - 00386432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-13 18:00 - 2014-12-13 16:38 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-13 18:00 - 2014-07-12 18:27 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-13 18:00 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 18:00 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 18:00 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-13 18:00 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-13 14:16 - 2014-01-30 00:42 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-13 13:25 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-13 11:36 - 2014-01-31 19:48 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-13 11:29 - 2014-01-31 19:48 - 132483416 _____ (M$) C:\WINDOWS\system32\MRT.exe
2015-08-13 01:11 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 01:11 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-08 15:55 - 2013-08-22 17:38 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 15:55 - 2013-08-22 17:38 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-07 01:02 - 2014-01-30 00:56 - 00148632 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-08-07 01:02 - 2014-01-30 00:56 - 00137288 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys

==================== Files in the root of some directories =======

2014-01-30 00:37 - 2014-07-19 13:37 - 0000267 _____ () C:\Users\B\AppData\Roaming\WB.CFG
2014-01-30 00:37 - 2014-01-30 00:37 - 0000005 _____ () C:\Users\B\AppData\Roaming\WBPU-TTL.DAT
2014-03-01 13:03 - 2014-08-26 22:42 - 0001776 _____ () C:\Users\B\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2014-01-30 00:37 - 2014-01-30 00:37 - 0369548 _____ () C:\Users\B\AppData\Local\foxtab_speeddial.crx
2014-01-30 14:05 - 2014-01-30 14:06 - 0000624 _____ () C:\ProgramData\NCIDebug.log

Some files in TEMP:
====================
C:\Users\B\AppData\Local\Temp\avgnt.exe
C:\Users\B\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbglrd0.dll
C:\Users\B\AppData\Local\Temp\jre-8u45-windows-au.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-04 12:40

==================== End of FRST.txt ============================
         

 
